IG-00-059

AUDIT REPORT

SOFTWARE ASSURANCE

September 28, 2000

OFFICE OF INSPECTOR GENERAL

National Aeronautics and Space Administration

Additional Copies

To obtain additional copies of this report, contact the Assistant Inspector General for
Auditing at (202) 358-1232, or visit www.hq.nasa.gov/office/oig/hq/issuedaudits.html.

Suggestions for Future Audits

To suggest ideas for or to request future audits, contact the Assistant Inspector General
for Auditing. Ideas and requests can also be mailed to:

        Assistant Inspector General for Auditing
        Code W
        NASA Headquarters
        Washington, DC 20546-0001

NASA Hotline

To report fraud, waste, abuse, or mismanagement contact the NASA Hotline at (800)
424-9183, (800) 535-8134 (TDD), or at www.hq.nasa.gov/office/oig/hq/hotline.html#form;
or write to the NASA Inspector General, P.O. Box 23089, L’Enfant Plaza Station,
Washington, DC 20026.
The identity of each writer and caller can be kept confidential,
upon request, to the extent permitted by law.

Reader Survey

Please complete the reader survey at the end of this report or at
http://www.hq.nasa.gov/office/oig/hq/audits.html.

Acronyms

CIO            Chief Information Officer
CMM            Capability Maturity Model
EMC            Engineering Management Council
FY             Fiscal Year
ISO            International Standards Organization
IV&V           Independent Verification and Validation
NPD            NASA Policy Directive
OSMA           Office of Safety and Mission Assurance
PMC            Program Management Council
SOFIA          Stratospheric Observatory for Infrared Astronomy
SWG            Software Working Group

W                                                                September 28, 2000

TO:              A/Administrator

FROM:            W/Inspector General

SUBJECT:         INFORMATION: Audit of Software Assurance
                 Report Number IG-00-059

The NASA Office of Inspector General has completed an audit of Software Assurance.
The audit focused on determining whether the Agency had established adequate
guidelines for using independent verification and validation (IV&V) during the software
life cycle and whether program and project managers had implemented NASA’s IV&V
Facility recommendations to perform IV&V. We found that NASA lacked adequate
management controls for using IV&V in software development projects.
In addition, NASA lacked adequate controls for collecting, analyzing, and reporting
software metrics. Accordingly, NASA lacks assurance that it can effectively mitigate
potential software failures through the use of IV&V and monitoring of software
assurance activities.

NASA recently issued interim guidelines that are intended to improve the software
development process. The guidelines include criteria for using IV&V during software
development.

Background

In 1993, NASA established the IV&V Facility in Fairmont, West Virginia,[1] as part of an
Agencywide strategy to provide the highest achievable levels of safety and
cost-effectiveness for mission-critical software. The IV&V Facility currently supports 21
NASA programs and projects including the International Space Station, Space Shuttle,
Earth Observing System Data and Information System, Checkout and Launch Control
System at the Kennedy Space Center, and Advanced Air Transportation Technology.
The Facility’s budget for fiscal year (FY) 2000 is $26 million.

[1] NASA established the Facility as a result of recommendations made by the National
Research Council and the “Report of the Presidential Commission on the Space Shuttle
Challenger Accident.”

Recommendations

We recommended that NASA establish procedures for evaluating the adequacy of program
and project managers’ actions in implementing the interim IV&V criteria and conduct
evaluations, as appropriate. Without procedures, NASA lacks assurance that the interim
criteria are effectively applied to software development projects. We also recommended that
NASA issue guidelines for the IV&V Facility review of programs and projects with
significant software applications; for implementing recommendations to perform IV&V; and
for collecting, analyzing, and reporting software metrics.
Without such guidance, NASA
lacks assurance that the risk of potential software failures has been adequately reduced
through IV&V. Also, without software metrics guidance, NASA has an unmet requirement
for assessing the adequacy of its software policies and procedures.

Management’s Response and OIG Evaluation

Management concurred with the recommendations. NASA management issued interim
IV&V criteria for use by program and project managers in determining whether new or
existing projects should be subject to IV&V. Also, IV&V Facility personnel are assisting the
projects in determining the necessary level of IV&V and in developing IV&V implementation
plans. NASA management also issued a set of software metrics that it will evaluate over a
12-month period. Upon conclusion of the evaluation period, management will determine whether
the metrics gathered satisfy the objectives of the metrics program. The approved metrics will
become part of a NASA policy guideline.

The actions planned or taken by management are responsive to the recommendations. Details
on the status of the recommendations are in the Recommendations section of the report.

[original signed by]
Roberta L. Gross

Enclosure
 Final Report on Audit of Software Assurance

FINAL REPORT
AUDIT OF SOFTWARE ASSURANCE

W                                                                September 28, 2000

TO:           AE/Chief Engineer
              AO/Chief Information Officer
              Q/Associate Administrator for Safety and Mission Assurance

FROM:         W/Assistant Inspector General for Auditing

SUBJECT:      Final Report on Audit of Software Assurance
              Assignment Number A9906600
              Report Number IG-00-059

The subject final report is provided for your information and use. Our evaluation of your
response is incorporated into the body of the report.
The corrective actions planned for
the recommendations are responsive. The recommendations will remain open for
reporting purposes until agreed-to corrective actions are completed. Please notify us
when action has been completed on the recommendations, including the extent of testing
performed to ensure corrective actions are effective.

If you have questions concerning the report, please contact Mr. David Gandrud, Program
Director, Information Technology Program Audits, at (650) 604-2672, or Mr. Roger
Flann, Program Manager, at (818) 354-9755. We appreciate the courtesies extended to
the audit staff. The final report distribution is in Appendix D.

[original signed by]
Russell A. Rau

Enclosure

cc:
B/Chief Financial Officer
B/Comptroller
BF/Director, Financial Management Division
G/General Counsel
JM/Acting Director, Management Assessment Division
200-1/Director, Ames Research Center
100/Director, Goddard Space Flight Center
307/Acting Director, NASA Independent Verification and Validation Facility,
    Goddard Space Flight Center

NASA Office of Inspector General

IG-00-059                                                        September 28, 2000
A9906600

Software Assurance

Introduction

Software assurance is the planned and systematic set of activities for ensuring that
software processes and products conform to established requirements, standards, and
procedures. Verification and validation of the software processes and products are part of
software assurance.
IV&V is a process used to ensure that software products of the
software development life-cycle phases are independently reviewed, verified, and
validated by an organization that is neither the developer nor the acquirer of the software.
IV&V is a vital part of a sound management process because it ensures that program
advocacy is balanced by substantive evidence. NASA’s planned information technology
investment for FY 2000 is $2.2 billion.[2]

NASA Policy Directive (NPD) 2820.1, “NASA Software Policies,” May 29, 1998,
defines NASA policies regarding management, engineering, and assurance of software
created or purchased by the Agency. The NPD requires program and project managers to
employ verification and validation techniques for risk mitigation and requires the Agency
to collect, analyze, and report on software metrics.

The overall audit objective was to determine whether NASA has exercised effective
software assurance. Due to the importance of IV&V in the software assurance process,
we limited our review to determining whether the Agency had established adequate
guidelines for using IV&V during the software life cycle and whether program and
project managers had implemented recommendations to perform IV&V. Details on our
audit objectives, scope, and methodology are in Appendix A.

Results in Brief

NASA lacked adequate management controls for using IV&V in software development
projects. Additionally, management had not established metrics for evaluating software
policies and procedures and for reporting to the NASA Engineering Management
Council[3] (EMC) as required by NPD 2820.1. As a result, NASA is not assured that it can
effectively mitigate potential software failures through robust use of IV&V and effective
monitoring of software assurance activities. NASA recently issued interim guidelines
that are intended to improve the software development process.

[2] Information technology investments include computers, ancillary equipment, software,
firmware, networks, services and support services, personnel, funds, and related
information resources. Because software costs are not separately tracked, that portion of
the information technology investment cost is not known.

[3] The Engineering Management Council is a forum for assessing and improving Agency
engineering practices, policies, training and certification standards, procedures, and
capabilities. The Engineering Management Council conducts or supports independent
technical reviews of NASA programs and informs the Chief Engineer about NASA-wide
engineering activities.

Background

The IV&V Facility in Fairmont, West Virginia, is intended to be the NASA center of
excellence for applying software verification and validation technology. It manages
independent assessments,[4] software and system engineering tasks, and IV&V for NASA
programs and projects.[5]

The NASA Office of Safety and Mission Assurance (OSMA) had initial management
responsibility for the Facility. In 1995, management responsibility transferred to Ames.
In July 2000, NASA transferred management responsibility to Goddard.[6] The transfer
was intended to better integrate the IV&V Facility into the software development life
cycle of NASA’s programs and projects.

Management Controls

Finding. NASA lacked adequate management controls for determining whether to use
IV&V in its software development projects and for collecting, analyzing, and reporting
software metrics designed to monitor these projects. This condition occurred because
NASA had not issued guidelines to implement the controls.
As a result, NASA has less
assurance that the risk of potential software failures has been adequately reduced through
IV&V and implementation of sound software assurance policies and procedures.

NASA Software Policies and Procedures

NPD 2820.1 requires program and project managers to employ verification and validation
techniques for risk mitigation, including IV&V as appropriate, based on project cost, size,
complexity, life span, risk, and consequences of failure.[7] The NPD does not include
specific criteria for determining whether IV&V is appropriate for a software development
project.

[4] An independent assessment identifies the risks to the critical software elements that
could jeopardize mission safety and success. Program and project managers can use the
results of an independent assessment to determine whether a software development project
should undergo IV&V. Software and system engineering tasks identify potential issues
based on software design analyses, software code reviews, and peer reviews. These tasks
do not constitute IV&V, which involves evaluating the software development project
throughout its life cycle. The IV&V Facility and the project managers determine which
tasks will be performed based on the status of the project.

[5] The IV&V Facility uses contractors to perform work supporting NASA programs and
projects.

[6] OSMA has management responsibilities for the Agency’s software assurance and IV&V of
critical flight systems and conducts these responsibilities through Goddard.

[7] Consequences of failure include loss of life, serious injury, catastrophic mission
failure, partial mission failure, loss of equipment, waste of resource investment, adverse
visibility, and impact on routine operations.

NPD 2820.1 also requires the IV&V Facility to collect, analyze, and report on software
metrics.
Software metrics include:

        •    Evidence of project compliance with the NPD.

        •    Agency trends on software cost and schedule baseline deviations and the
             degree to which delivered software satisfies Agency requirements, including
             safety, quality, and reliability measures.

        •    Assessments and audits of conformance to International Standards
             Organization (ISO)[8] 9001 and the Capability Maturity Model (CMM)[9] for
             Software in NASA software creation and acquisition organizations.

        •    Other surveys relating to the implementation of the Directive.

        •    Improvements in software acquisition and creation of software projects,
             resulting from the use of the CMM.

        •    Improvements in management of software creation and acquisition, resulting
             from case studies and shared experiences.

The NASA Chief Information Officer (CIO), Chief Engineer, and Associate
Administrator for OSMA are responsible for jointly promoting software policies,
standards, best practices, and guidelines. The CIO has primary responsibility for
developing the Agency’s software policies. During a Senior Management Council[10]
meeting in June 1999, the NASA Administrator stated that only the IV&V Facility should
conduct IV&V for NASA projects. The Associate Administrator for OSMA reiterated
the Administrator’s decision in a November 10, 1999, memorandum.[11]

[8] ISO 9000 is a series of standards and guidelines that define the minimum requirements
for an effective Quality System that is accepted internationally. The ISO 9001 standard
requires NASA Headquarters to document what it does, do what it documents, and provide
objective evidence of accomplishment.
The standard also requires that NASA review its processes for improvement when necessary.

[9] The CMM for Software describes the principles and practices underlying software
process maturity and is intended to help software organizations improve the maturity of
their software processes in terms of an evolutionary path from informal, chaotic processes
to mature, disciplined software processes.

[10] NASA's Senior Management Council is chaired by the Administrator and consists of
Associate Administrators, Officials-in-Charge of Headquarters offices, and installation
Directors. This council advises the Administrator on the status of Agency programs and
plans and serves as a forum for discussing issues affecting Agency management.

[11] The Associate Administrator for OSMA issued the November 10, 1999, memorandum on
“Software Assurance for Safety and Mission Assurance,” to Enterprise Associate
Administrators, Center Directors, and Center Safety and Mission Assurance Directors. (The
Agency established four Strategic Enterprises to function in primary business areas for
implementing NASA’s mission and serving customers. The four Enterprises are (1) Aerospace
Technology, (2) Earth Science, (3) Human Exploration and Development of Space, and
(4) Space Science.)

On May 10, 2000, NASA established an initiative to improve software quality and
safety.[12] As part of this initiative, the CIO, Chief Engineer, and Associate Administrator
for OSMA assigned the Software Working Group[13] (SWG) the responsibility for
developing criteria for use in determining whether to use IV&V. The initiative also
included the requirement to collect meaningful software metrics.

On July 21, 2000, the Chief Engineer issued a memorandum that included the
SWG-developed interim criteria for IV&V.[14] The interim criteria provide quantifiable
standards for determining whether IV&V should be applied to a software development
project. Program and project managers are to use the criteria to evaluate specific aspects
of a project for consequences of failure and probability of failure. The criteria also
identify factors for evaluating the projects and for rating the risks to software
development. The Deputy Associate Administrator for OSMA stated that, as an interim
measure, program and project managers must apply the criteria to selected existing and
all new software development projects.

Use of IV&V

NASA has not established guidelines to help users determine whether to use IV&V based
on a software project’s cost, size, complexity, life span, risk, and consequences of failure
as required by NPD 2820.1.

The benefits of performing IV&V have been well demonstrated. For example, through
the application of IV&V for the Space Shuttle Program, the IV&V Facility identified 15
software errors that could have resulted in loss of the Shuttle or crew. With the
correction of the software errors, the Space Shuttle Program increased mission safety and
reliability and reduced program cost. Notwithstanding such efforts, the IV&V Facility
had performed IV&V on only 9[15] of about 170 programs and projects, as of
December 22, 1999, managed by Program Management Councils (PMC’s).[16]

With issuance of the interim criteria, NASA has taken substantial steps toward improving
its software assurance program.
For example, managers must now evaluate their
programs and projects during project formulation to determine whether software IV&V
or an independent assessment is required. Further, managers must coordinate their
evaluation results with the governing PMC’s and the Center Directors. To ensure that the
interim criteria are effectively applied to software development projects, responsible
NASA officials should evaluate the adequacy of program and project managers’ actions
in implementing the criteria.

[12] The CIO, Chief Engineer, and Associate Administrator for OSMA issued the May 10, 2000,
memorandum on “NASA’s Initiative to Improve Quality and Safety of Software,” to
Officials-in-Charge of Headquarters Offices, Center Directors, and the Director of the Jet
Propulsion Laboratory.

[13] The SWG is the responsibility of the Chief Engineer. The SWG advises the Agency on
software-related matters and recommends software management, engineering, and assurance
policies, standards, best practices, and guidance.

[14] The Chief Engineer issued the July 21, 2000, memorandum on “Interim NASA Software
Independent Verification and Validation (IV&V) Policy and IV&V Facility Planning Action to
Project Managers,” to Officials-in-Charge of Headquarters Offices, Center Directors, and
the Director of the Jet Propulsion Laboratory.

[15] Appendix B identifies the NASA programs and projects for which the IV&V Facility
performed an independent assessment, software and system engineering tasks, or IV&V.

[16] NASA has established a hierarchy of PMC’s that are responsible for assessing program
and project formulation and implementation and for providing oversight and direction.
PMC’s exist at the Agency, Lead Center, and Center levels.

Recommendations to Perform IV&V

The IV&V Facility performs independent assessments that may result in a
recommendation to perform IV&V on software development projects. However, NASA
had not established guidelines to help ensure that program and project managers
adequately address the recommendations.

As of August 1, 2000, the IV&V Facility performed independent assessments for 12
NASA programs and projects (see Appendix B) and recommended IV&V for 4 of them:
the Checkout and Launch Control System,[17] Mars Surveyor Program,[18] Stratospheric
Observatory for Infrared Astronomy (SOFIA),[19] and Boeing 757 New Generation
Display Simulation.[20] Managers for three of the four programs and projects chose to not
implement IV&V. Specifically:

         •   The project manager for the Mars Surveyor Program did not follow the
             Facility’s recommendations to perform IV&V due to insufficient funding for
             IV&V.
             The Mars Surveyor Program later failed, in part, due to reported
             software problems or failures.

         •   The project manager for SOFIA initially determined that the recommendation
             to perform IV&V would not be implemented because “an additional review
             effort would be deleterious to the program’s already seriously challenged
             schedule and cost status.” The IV&V Facility and program management have
             since begun negotiations to perform IV&V.

         •   Project management for the Boeing 757 project determined that the
             verification and validation processes for the project sufficiently mitigated
             project risks and considered IV&V to be unnecessary.

[17] The Checkout and Launch Control System processes Space Shuttle data at the Kennedy
Space Center. This includes providing multi-orbiter support from one control room;
multi-system monitoring capability from one console; and local monitoring, command, and
control.

[18] The Mars Surveyor Program included the Mars Climate Orbiter and Mars Polar Lander.

[19] SOFIA will be the largest airborne telescope in the world, making observations that
are impossible for even the largest, highest ground-based infrared telescopes. NASA, the
German Aerospace Center, and an international contractor team are working together to
create SOFIA—a 2.5-meter (98.5-inch)-diameter reflecting telescope mounted in a modified
Boeing 747SP. Ames manages the project.

[20] The Boeing 757 is a flying laboratory for aeronautical research. NASA has modified the
aircraft for a broad range of flight research programs and uses the aircraft to conduct
research to increase aircraft safety, operating efficiency, and compatibility with future
air traffic control systems.
The Langley Research Center maintains and flies the Boeing 757.

Improved management controls for addressing recommendations to perform IV&V,
based on independent assessments, are needed to ensure that program and project
managers adequately address software development risks through IV&V. Without such
controls, the value added by the independent assessment process may not be realized.

Use of Software Metrics

The Agency has not collected, analyzed, or reported software metrics as required by NPD
2820.1. The NPD requires the IV&V Facility to collect and analyze metrics and to
submit an annual report on Agency software policies and practices to the NASA EMC.
The Directive further requires the governing PMC’s to review software processes and
products and to provide the results to the IV&V Facility. The Directive references
unpublished NASA Policy Guidelines 2820[21] for specific responsibilities related to
collecting, analyzing, and reporting software metrics. Further, the Directive does not
identify the types of information that should be included in the annual report and does not
address how the IV&V Facility or NASA management should use the information.
Guidelines for collecting, analyzing, and reporting software metrics are needed to help
the Agency meet NPD 2820.1 software metric requirements.

In the May 10, 2000, memorandum on NASA’s initiative to improve the quality and
safety of software, the CIO, Chief Engineer, and Associate Administrator for OSMA
addressed software metrics as an important part of the initiative. The metrics currently
required are presented on page 3 of this report. Beginning with the second half of FY
2001, program and project managers will be required to collect and report software
metrics. The memorandum states the SWG will analyze the metrics.
Subsequently, the
Deputy Chief Engineer stated that the IV&V Facility will collect and analyze the metrics
and provide the results to the SWG. The NASA official further stated that the SWG has
begun reevaluating the metrics to ensure that NASA has identified the appropriate
software metrics to be collected.

While NASA’s recent actions represent important steps to improving software policies
and procedures, NASA should ensure that it develops and issues policy guidelines for
collecting, analyzing, and reporting appropriate software metrics. Without the guidelines,
the requirement for collecting, analyzing, and reporting software metrics may remain
unmet and Agencywide software policies and procedures will lack adequate visibility.

[21] Until recently, the CIO, Chief Engineer, and Associate Administrator for OSMA had not
determined whether NASA would issue NPG 2820 (title not known). As part of NASA’s actions
to improve software policies and procedures, the NASA managers have determined that the
NPG will be issued.

Recommendations, Management’s Response and Evaluation of Response

1. The NASA CIO, in collaboration with the NASA Chief Engineer and Associate
Administrator for OSMA, should establish procedures for evaluating the adequacy
of program and project managers’ actions in implementing the interim IV&V
criteria and conduct evaluations, as appropriate.

Management’s Response. Concur. The Goddard Office of System and Mission Assurance
issued an IV&V Interim Policy. The policy states that all projects meeting defined criteria
will document and implement a plan that addresses the performance of IV&V during software
development. The Goddard Office of Systems Safety and Mission Assurance is leading the
development of a NASA policy document for IV&V.
The document is sponsored by the
NASA OSMA and will be in the initial stage of the NASA Directives Management review
cycle by October 31, 2000. The complete text of management’s response is in Appendix C.

Evaluation of Management’s Response. Management’s ongoing and planned actions are
partially responsive to Recommendation 1. However, management's actions discussed
regarding Recommendation 2 below describe additional actions that effectively meet the
intent of Recommendation 1. Recommendation 1 is resolved but will remain undispositioned
and open pending the final issuance and implementation of an NPD relating to the use of
IV&V in NASA’s software development projects.

2. The NASA CIO, in collaboration with the NASA Chief Engineer and Associate
Administrator for OSMA, should issue guidelines for IV&V Facility review of
programs and projects with significant software applications; for implementing
recommendations to perform IV&V; and for collecting, analyzing, and reporting
software metrics.

Management’s Response. Concur. On June 28, 2000, NASA’s SWG released the criteria
for assessing project software risk and for determining the necessity for IV&V. About 100
NASA projects under development and not currently implementing IV&V applied the criteria
during August 2000. The projects sent the results to the IV&V Facility for it to determine the
necessity to implement IV&V. The IV&V Facility used the results to develop an initial list of
projects that should have IV&V. Personnel from the IV&V Facility are in the process of
meeting with the projects identified for application of IV&V in order to determine the
necessary level of IV&V and to develop implementation plans. These initial meetings will be
completed by December 31, 2000.
IV&V activities on identified projects will be initiated
during FY 2001 and fully under way on all projects by the end of FY 2001.

The draft NPD for IV&V specifies that, in their planning stages, all new software projects
shall determine the need for IV&V. The issuance of the NPD will formalize this requirement.

Regarding the need for software metrics guidelines, in July 2000, the SWG released a set of
metrics applicable to all NASA software development programs. The IV&V Facility will
analyze the metrics over a 12-month period. When this period concludes in October 2001, the
Facility will use these analyses to determine whether the metrics collected satisfy the
objectives of the metrics program. If the results indicate changes are needed in the metrics set,
the SWG will reevaluate the metrics and make necessary changes to the set of metrics to be
collected. Metrics collection will begin on all projects as specified in NPD 2820.1 starting
October 2001.

Evaluation of Management’s Response. The actions ongoing and planned are responsive to
the recommendation. The recommendation is resolved but will remain undispositioned and
open pending final issuance and implementation of the NPD for IV&V and implementation of
software metrics for all projects.

Appendix A. Objectives, Scope, and Methodology

Objectives

The overall audit objective was to determine whether NASA has exercised effective
software quality assurance. Specifically, we were to determine whether selected software
development projects had complied with applicable software quality assurance standards
and procedures related to project planning, acceptance-level testing, and reporting.
Due to the importance of independent verification and validation (IV&V) in the software
assurance process, we limited our review to determining whether:

       •   the Agency established adequate guidelines for using IV&V during the
           software life cycle;

       •   program and project managers had implemented recommendations to perform
           IV&V; and

       •   software metrics were being collected, analyzed, and reported in accordance
           with NPD 2820.1.

A future audit will include the review of software quality assurance standards and
procedures.

Scope and Methodology

We limited our review to NASA’s use of IV&V when developing software for NASA
programs and projects. We performed the following:

       •   Reviewed applicable policy directives, guidelines, guidebooks, standards;
           reports and presentations; and other documentation to gain an understanding
           of NASA processes and procedures for software assurance.

       •   Identified NASA programs and projects for which IV&V and independent
           assessments had been performed (by the IV&V Facility and Goddard) to
           determine the extent of IV&V performed.

       •   Interviewed NASA officials at Headquarters, Ames Research Center (Ames),
           Goddard Space Flight Center (Goddard), the Jet Propulsion Laboratory,
           Johnson Space Center (Johnson), Langley Research Center (Langley), and the
           IV&V Facility to determine their roles and responsibilities in the software
           assurance area.

Management Controls Reviewed

We reviewed management controls for determining whether program and project
managers should incorporate IV&V into their software development projects.
NASA had not established the management controls for determining whether to use IV&V; for
implementing independent assessment recommendations; and for collecting, analyzing,
and reporting software metrics.

Audit Field Work

We performed audit field work from October 1999 through August 2000 at NASA
Headquarters, the IV&V Facility, Ames, Goddard, Johnson, the Jet Propulsion
Laboratory, and Langley. We conducted the audit in accordance with generally accepted
government auditing standards.


Appendix B. NASA Programs and Projects Supported by the IV&V Facility
June 1994 – July 2000

                                          Status of Work by Independent Verification & Validation (IV&V) Facility

Program/Project                           Independent             Software & System         IV&V
                                          Assessment              Engineering Tasks
                                                                  (SET)

Advanced Air Transportation Technology    Not performed           Work ongoing              Not applicable

Blended Wing Body Low Speed Vehicle       Independent assessment  Agreement for SET being   Not applicable
                                          completed               negotiated

Boeing 757 New Display Simulation         System software         Not performed             Recommendations for IV&V
                                          assessment completed                              not implemented¹

Cassini                                   Not performed           Life-cycle process        Not performed
                                                                  assessment completed

Checkout Launch and Control System        Criticality assessment  Not performed             IV&V ongoing
                                          completed—lead to IV&V

Earth Observing System Data               Not performed           SET completed—leading to  IV&V ongoing
Information System                                                IV&V

Gravity Probe-B                           Not performed           SET ongoing with          Not applicable
                                                                  negotiations to expand
                                                                  tasks

Hyper-X                                   Completed independent   SET ongoing               Not applicable
                                          assessment—lead to SET

Integrated Asset Management               Not performed           Not performed             IV&V ongoing

Integrated Financial Management           Not performed           Not performed             IV&V ongoing
Program

International Space Station               Not performed           Not performed             IV&V ongoing

Mars Surveyor Program 1998                Criticality risk        SET completed             Recommendations for IV&V
                                          assessment completed                              not implemented²

Mars 2001/Genesis                         Not performed           Agreement to perform SET  Not applicable
                                                                  being negotiated

Mission Control Center                    Independent assessment  Not performed             Not performed
                                          completed

National Polar-orbiting Operational       Not performed           SET ongoing, and          Agreement for IV&V to be
Environmental Satellite System                                    recommendations for IV&V  negotiated, as
                                                                  anticipated               appropriate

Picasso-Cena                              Independent assessment  Not performed             Project identified as a
                                          completed                                         candidate for future IV&V

Production Support Flight Control         Not performed           SET completed             Not performed
Computers

Small Spacecraft Technology               Independent assessment  Not performed             Not performed—launch
Initiative/Clark                          completed                                         delayed, and project
                                                                                            later cancelled

Space Shuttle                             Not performed           Not performed             IV&V ongoing

Space Shuttle Upgrade                     Not performed           Not performed             IV&V ongoing

Space InfraRed Telescope Facility         Independent assessment  Not applicable            Not applicable
                                          is ongoing

Stratospheric Aerosol and Gas             Independent assessment  Not applicable            Not applicable
Experiment III                            is ongoing

Stratospheric Observatory for Infrared    Independent assessment  Not performed             Agreement for IV&V being
Astronomy                                 completed                                         negotiated³

X-33                                      Not performed           Not performed             IV&V ongoing

X-34                                      Independent assessment  SET ongoing               Not applicable
                                          completed—SET
                                          recommended

X-37                                      Not performed           Not performed             Negotiating agreement for
                                                                                            IV&V

X-38                                      Not performed           Not performed             Negotiating agreement for
                                                                                            IV&V

¹ The project manager determined that IV&V activities were not needed and that verification and
validation activities adequately mitigated project risks.

² The project manager determined that IV&V activities were not needed and that verification and
validation activities adequately mitigated project risks.

³ The project initially determined that IV&V was not needed. Subsequently, the project determined that
the IV&V Facility would perform IV&V. The Facility and project are negotiating an agreement for the
IV&V.


Appendix C. Management’s Response


Appendix D. Report Distribution

National Aeronautics and Space Administration (NASA) Headquarters

A/Administrator
AE/Chief Engineer
AI/Associate Deputy Administrator
AO/Chief Information Officer
B/Chief Financial Officer
B/Comptroller
BF/Director, Financial Management Division
C/Associate Administrator for Headquarters Operations
G/General Counsel
H/Associate Administrator for Procurement
HK/Director, Contract Management Division
HS/Director, Program Operations Division
J/Associate Administrator for Management Systems
JM/Acting Director, Management Assessment Division
L/Associate Administrator for Legislative Affairs
M/Associate Administrator for Space Flight
Q/Associate Administrator for Safety and Mission Assurance
R/Associate Administrator for Aerospace Technology
S/Associate Administrator for Space Science
U/Associate Administrator for Life and Microgravity Sciences and Applications
Y/Associate Administrator for Earth Science
Z/Associate Administrator for Policy and Plans

NASA Centers

Director, Goddard Space Flight Center
 Acting Director, NASA Independent Verification and Validation Facility
Chief Counsel, John F. Kennedy Space Center
Director, Jet Propulsion Laboratory
Director, Lyndon B. Johnson Space Center
Director, Langley Research Center

Non-NASA Federal Organizations and Individuals

Assistant to the President for Science and Technology Policy
Director, Office of Management and Budget
Deputy Director of Management, Office of Management and Budget
Deputy Associate Director, Energy and Science Division, Office of Management and
 Budget
Branch Chief, Science and Space Programs Branch, Energy and Science Division, Office
 of Management and Budget
Professional Assistant, Senate Subcommittee on Science, Technology, and Space

Chairman and Ranking Minority Member – Congressional Committees and Subcommittees

Senate Committee on Appropriations
Senate Subcommittee on VA, HUD, and Independent Agencies
Senate Committee on Commerce, Science, and Transportation
Senate Subcommittee on Science, Technology, and Space
Senate Committee on Governmental Affairs
House Committee on Appropriations
House Subcommittee on VA, HUD, and Independent Agencies
House Committee on Government Reform
House Subcommittee on Government Management, Information, and Technology
House Subcommittee on National Security, Veterans Affairs, and International Relations
House Committee on Science
House Subcommittee on Space and Aeronautics, Committee on Science

Congressional Member

Honorable Pete Sessions, U.S. House of Representatives


NASA Assistant Inspector General for Auditing
Reader Survey

The NASA Office of Inspector General has a continuing interest in improving the
usefulness of our reports. We wish to make our reports responsive to our customers’
interests, consistent with our statutory responsibility. Could you help us by completing
our reader survey?
For your convenience, the questionnaire can be completed
electronically through our homepage at http://www.hq.nasa.gov/office/oig/hq/audits.html
or can be mailed to the Assistant Inspector General for Auditing; NASA Headquarters,
Code W, Washington, DC 20546-0001.


Major Contributors to the Report

David L. Gandrud, Program Director, Information Technology Program Audits

Roger W. Flann, Program Manager

Bessie J. Cox, Auditor-in-Charge

Sandra L. Laccheo, Auditor

Nancy C. Cipolla, Report Process Manager

Barbara J. Smith, Program Assistant
"